It also must be mathematically proven to function exactly as intended – and only as intended – at all times. EAL6 means that the OS was created using current good commercial practices, including specialized skills, knowledge, and other resources. EALs are established via independent assessment against a Target of Evaluation. The overriding purpose of a High Assurance Operating System is to guarantee consistent functionality and to make critical computers and their data invulnerable to hackers and high-level attacks.

Most of the High Assurance Operating Systems in use today were developed and implemented for the U.S. Department of Defense (USDoD), the National Security Agency (NSA), and a select few other government agencies to protect against theft of sensitive data and/or destruction of critical systems. This includes military bases and facilities, intelligence agencies, critical infrastructure systems, and other governmental and regulated operations. In recent years, however, as corporations and other private sector organizations have put more of their operations on computer networks, the threat of malicious cyber attacks has led to increased inquiries about, and adoption of, High Assurance Operating Systems for commercial use. From financial services and pharmaceutical companies to retailers, private security firms, health care centers, and more, the dramatic escalation of data breaches, spyware, ransomware, and theft of valued customers’ credentials has made the security of High Assurance Operating Systems increasingly attractive.

The most significant challenge for any organization intent on upgrading to a High Assurance Operating System is that very few major computer system manufacturers build their operating systems with security as the primary focus of their architecture. To most, security is a bolt-on feature to be added later, which simply does not work anymore. A genuinely secure operating system must be built around the reference monitor, the kernel component that enforces the security established by Mandatory Access Control (MAC) policy, and very few manufacturers do that. A secure OS also must have a very small attack surface – under 500,000 lines – which is also a deal-breaker for most manufacturers. There are more criteria that go into building a true High Assurance Operating System, but organizations that pursue those basics go a long way toward truly making their systems secure.


This information page is provided as a service to our readers by BAE Systems, Inc., a U.S.-based world leader in aerospace, defense, power, and intelligence solutions.
